"UDP_ENCAP: Invalid argument" on 12.0 GENERIC r350477

I have read some material on the internet and the following documents:
https://svnweb.freebsd.org/base?view=revision&revision=347410
https://svnweb.freebsd.org/base?view=revision&revision=313330

It is my understanding that IPsec, including IPSEC_NAT_T, was enabled in GENERIC at some point in 12.0, and then removed but kept available in the ipsec module since then. I have a system built from r350477 which appears to already have ipsec in the kernel when I try to kldload ipsec.ko. However, with StrongSwan I get the error message I quoted in the title.

Code:
unable to set UDP_ENCAP: Invalid argument

I understand this to mean that NAT traversal is not available in the kernel.


Code:
FreeBSD box 12.0-RELEASE-p8 FreeBSD 12.0-RELEASE-p8 r350477 GENERIC  amd64
 
If I read the first (r347410) correctly (timelines), that's a change on 13-CURRENT, so it does not apply to 12.0-RELEASE or 12-STABLE. The r31330 revision seems to have been done before the branching of 12-STABLE, so we can assume it's included in the 12.0-RELEASE branch.

I am running Strongswan on a recent 12-STABLE but it's a custom kernel too so I haven't seen this error.
 
Ah OK, I see. I suppose somehow IPSEC_NAT_T is not enabled in my system. I had a specific reason that I could not use a custom kernel, but I can try to get around that at least temporarily to see if a custom one with that IPSEC_NAT_T fixes it.
 
For what it's worth, I don't have the IPSEC_NAT_T option enabled (I don't need it), I do have IPSEC in my kernel config.
 